Skip to content

Instantly share code, notes, and snippets.

@cyakimov
Created September 5, 2013 21:34
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cyakimov/6456518 to your computer and use it in GitHub Desktop.
Save cyakimov/6456518 to your computer and use it in GitHub Desktop.
Allow apache user to exec a git pull command.

Change your PHP to run git via sudo

<?php `sudo git pull git@github.com:my-user/myrepo.git`; ?>

Then change your suoders to allow git to be run by the apache user:

nano /etc/sudoers

Add this to the EOF:

apache ALL = NOPASSWD: /usr/bin/git

To test it, run:

sudo su apache

git pull

If you get a “This account is currently not available” message, run this cmd:

sudo chsh -s /bin/bash apache

@ecrider
Copy link

ecrider commented Jul 29, 2017

Apache on sudoers list... with root privileges... with no password setting... ran by PHP script... using shell command line... executed from strings... with backticks execution operators...

Nope, nothing could possibly go wrong, it's absolutely safe, there is nothing to worry about, let's push it to production.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment